Security - should we be member only?

This forum is setup such that the entire World of internet users (4.4 billion) can view everything.

That may or may not concern you, but I'm interested to hear your opinions.

If we lock it down to members only:

One advantage is the number of viewers drops to about 299, which improves security.

One disadvantage is nobody else can learn about our glorious hobby.

As the BBC would say, other advantages and disadvantages are available.

I'll go with the consensus of replies - logically the don't care group do not need to reply.

Cheers
Paul

Several of the other forums Fora? I belong to have a two stage forum, Stage one anyone can see and that attracts new members, stage two is for contentious discussions.

For instance the Norfolk Broads Network, does this. Most of the Hidden from the public discussions are about poor management of the Broads Authority and the legality of it's claim to be a National Park when Parliament says it isn't.
 I don't see anything on this forum thats Needs to be hidden..

I agree with The Q. There's no need to hide anything on this forum. Having it open helps promote the hobby.

When, 10 years ago, I created my SeaHawk forum I did implement a system where new users had to register (an automated process outside of the control of the forum Admin) and then could only post in an "Introductions" area. Once they'd made a post that demonstrated they weren't a spammer, there they would be manually assigned to the "Members" group and allowed to post anywhere.

However, the process of only being allowed to post in a single sub-forum after registration seems to have defeated all bots. In ten year's there's never been a spam post and I've always promoted everyone who posted an introduction to be a "Member".

I now keep the system for other reasons. It can be useful to have an easily found introductory post that sets out a new user's experience etc.

I now run over a dozen forums on Nabble (on seven different Nabble servers) and none has yet been subject to spam posters.

Not really sure what security implications there are from having this place freely viewable.  Being viewable doesn't really give any personal information away, other than names, perhaps.

I'm an admin on another pretty big forum (a few thousand members) and we manage to keep spammers and advertisers out pretty effectively with just some simple membership checks.  The only area we restrict to members who have more than a certain number of posts relates to discussions involving a government department, and that's really just to allow freedom of expression without too much fear that someone might get targeted over something they've posted.

Thank you all for the feedback - on another forum I administer a few people where concerned about certain details leaking out.

So I donned my OCD hat and played devil's advocate, in a duty of care spirit.


Building on Greg's comments, I can assure everyone I have nuked many spammers trying to sell us plywood by the tonne, from the land of the rising sun!

Non-automatic membership is slow, but very effective.

It looks like everything will be left as it is.

Cheers
Paul

Paul (admin) wrote

Building on Greg's comments, I can assure everyone I have nuked many spammers trying to sell us plywood by the tonne, from the land of the rising sun!

I don't quite understand that.

While you can "nuke" (I take it that  means "Ban"?) users the moment they register you won't know they're Chinese plywood-by-the-ton merchants until they've posted their annoying messages, and there's been no such posts made. (Subscribers would see them, even if the messages are promptly deleted from the forum by you.)

Of course, it's possible to tell Google you don't like the adverts being served, but that only affects you, not other users. Google know that I have never bought plywood, so don't think I might be interested in more and don't feed me any such ads. Strangely, on this site, the ads seem 75% unrelated to my buying habits - I won't tell you about the ads I see! :-)

Out of interest, what are the difference in access that "Members" get on this forum that "Registered" users don't?

Greg,

Only members can post messages.

When the registered spammers try to post, they are blocked and must type in a reason why they want to post, which is sent to admin only.
 
It's often a dozen lines like "high quality plywood, very good for your building project. We can supply any thickness up to 1000 sheets for a happy price. We want your business: quickdeliver.plywood.com"

Yes I hit the Ban button with cat like reactions.

Paul

Hi Paul,

Silly me!

Somehow I had never thought of using that approach on a Public forum.

I run several private forums, where various email addresses are pre-filled in the "Members" group, so when their owners register they instantly get viewing and posting rights, but others only get the "Access Request" screen.

It just never occurred to me to use it on a public forum where "Anyone" has viewing rights but "Registered" users still need to complete the "Access Request" screen appropriately to get placed in the "Members" group and get posting rights.

I do something similar on the AYRS Forum (https:www.ayrs.org/forum/) which runs on PHPBB. Most of it is readable to the public, anyone can (try to) post, but everyone is on moderation until I say otherwise. That means only moderators see the spammers messages and we then ban them. It works fairly well.
Simon